Microsoft warns about open redirect phishing campaign

Don’t let this latest phishing attempt redirect you.



The Microsoft Security Intelligence Twitter account is at it again with another PSA regarding phishing campaigns mucking up link-clicking safety for denizens of the web. If you get an email with one of these sketchy links, you may not be able to recognize the problem until it’s too late.

Here’s the issue: These open redirector links are crafted to subvert normal inspection efforts. Smart users know to hover over links to see where they’re going to lead, but these links are prepared for that type of user and display a safe destination designed to lure targets into a false sense of security. Click the link and you’ll be redirected to a domain that appears legit (such as a Microsoft 365 login page, for example) and sets the stage for you to voluntarily hand over credentials to bad actors without even realizing it until it’s too late.
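For defenders who triage reported emails, here is an added example (not from the original article or from Microsoft) of a check that goes beyond the hostname shown on hover. It assumes the redirect destination travels in a query-string or fragment parameter, which is how open redirectors commonly work; the function names and all domains are constructed for illustration.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

MAX_DECODE_ROUNDS = 3  # the target may be percent-encoded more than once

# Constructed sample links; every domain is a placeholder.
SAMPLE_LINKS = [
    "https://trusted.example.com/out?url=https%3A%2F%2Flogin.example.net%2Fauth&id=7",
    "https://trusted.example.com/out?u=https%253A%252F%252Flogin.example.net%252Fauth",
    "https://trusted.example.com/search?q=phishing&page=2",
]


def _fully_decoded(value):
    """Percent-decode repeatedly until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.strip()


def _host_of(value):
    """Return the host of an absolute or scheme-relative URL, else None."""
    if value.startswith("//"):
        value = "https:" + value
    if not value.lower().startswith(("http://", "https://")):
        return None
    try:
        return urlsplit(value).hostname
    except ValueError:
        return None


def redirect_targets(link):
    """List (parameter, host) pairs where a parameter carries a URL on another host."""
    parts = urlsplit(link)
    visible_host = parts.hostname or ""  # the host a user sees on hover
    findings = []
    for source in (parts.query, parts.fragment):
        for name, raw in parse_qsl(source, keep_blank_values=True):
            host = _host_of(_fully_decoded(raw))
            if host and host != visible_host:
                findings.append((name, host))
    return findings


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", redirect_targets(link) or "no embedded off-site URL")
```

Legitimate services such as single sign-on return links also carry URLs in parameters, so a hit is a triage signal to compare against expected destinations, not a verdict.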

This phishing campaign takes things further than just crafty URLs, though. It also employs Google reCAPTCHA services in order to keep threat analysis systems at bay, stopping site scanners from protecting you once you’re in the malicious domain.

We’ve been tracking a phishing campaign that has been using open redirects for months, and it continues to evolve and persist. As recently as last week, we detected a spam run that abused a different web app but utilized the same TTPs and infrastructure. pic.twitter.com/3iztzVwbKy — Microsoft Security Intelligence (@MsftSecIntel) August 30, 2021

All in all, it’s crafty stuff, and Microsoft admits as much over on Twitter. It also has a dedicated blog post that details the scheme in greater depth, though the post’s protection advice section is light on actionable guidance. Still, there’s a lot of detailed data in there that could potentially offer those with an advanced understanding of phishing attack procedures some worthwhile information.


Robert Carnevale is the News Editor for Windows Central. He’s a big fan of Kinect (it lives on in his heart), Sonic the Hedgehog, and the legendary intersection of those two titans, Sonic Free Riders. He is the author of Cold War 2395. Have a useful tip? Send it to robert.carnevale@futurenet.com.